Vulnerabilities

A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to avoid out-of-boundary access in dnode page<br /> <br /> As Jiaming Zhang reported:<br /> <br /> <br /> __dump_stack lib/dump_stack.c:94 [inline]<br /> dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120<br /> print_address_description mm/kasan/report.c:378 [inline]<br /> print_report+0x17e/0x800 mm/kasan/report.c:480<br /> kasan_report+0x147/0x180 mm/kasan/report.c:593<br /> data_blkaddr fs/f2fs/f2fs.h:3053 [inline]<br /> f2fs_data_blkaddr fs/f2fs/f2fs.h:3058 [inline]<br /> f2fs_get_dnode_of_data+0x1a09/0x1c40 fs/f2fs/node.c:855<br /> f2fs_reserve_block+0x53/0x310 fs/f2fs/data.c:1195<br /> prepare_write_begin fs/f2fs/data.c:3395 [inline]<br /> f2fs_write_begin+0xf39/0x2190 fs/f2fs/data.c:3594<br /> generic_perform_write+0x2c7/0x910 mm/filemap.c:4112<br /> f2fs_buffered_write_iter fs/f2fs/file.c:4988 [inline]<br /> f2fs_file_write_iter+0x1ec8/0x2410 fs/f2fs/file.c:5216<br /> new_sync_write fs/read_write.c:593 [inline]<br /> vfs_write+0x546/0xa90 fs/read_write.c:686<br /> ksys_write+0x149/0x250 fs/read_write.c:738<br /> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]<br /> do_syscall_64+0xf3/0x3d0 arch/x86/entry/syscall_64.c:94<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> The root cause is in the corrupted image, there is a dnode has the same<br /> node id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to<br /> access block address in dnode at offset 934, however it parses the dnode<br /> as inode node, so that get_dnode_addr() returns 360, then it tries to<br /> access page address from 360 + 934 * 4 = 4096 w/ 4 bytes.<br /> <br /> To fix this issue, let&amp;#39;s add sanity check for node id of all direct nodes<br /> during f2fs_get_dnode_of_data().

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.